honeypot 0.0.1

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Seamus Abshere
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,108 @@
+= honeypot
+
+Catch bad guys when they stick their hands in the honey.
+
+== models
+
+copy gemdir/models/*.rb to your models dir
+
+== requestables interface
+
+requestables (like User, Vote, etc.) should define #actor
+
+  class User < ActiveRecord::Base
+    include RemoteRequestLogger
+    def actor; self; end
+  end
+
+  class Vote < ActiveRecord::Base
+    belongs_to :user
+    include RemoteRequestLogger
+    def actor; user; end
+  end
+
+== usage in controllers
+
+put this in your application controller so it has a maximum chance of grabbing the ip
+
+  class ApplicationController < ActionController::Base
+    # this is safe enough for engineyard cloud, where internal ip addresses always start with 10.
+    def ensure_remote_ip
+      session[:remote_ip] = request.remote_ip unless request.remote_ip.starts_with?('10.')
+    end
+    prepend_before_filter :ensure_remote_ip
+  end
+
+then you invoke log_remote_request with both session and request
+
+  class SessionsController < ApplicationController
+    def create
+      # @user = [...]
+      @user.log_remote_request session, request
+    end
+  end
+
+== migration
+
+  create_table "remote_hosts" do |t|
+    t.string   "ip_address"
+    t.string   "hostname"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.float    "latitude"
+    t.float    "longitude"
+    t.string   "city"
+    t.string   "country_code"
+    t.string   "state_name"
+  end
+  add_index "remote_hosts", ["ip_address"], :name => "index_remote_hosts_on_ip_address"
+  create_table "remote_requests" do |t|
+    t.integer  "requestable_id"
+    t.string   "requestable_type"
+    t.integer  "remote_host_id"
+    t.integer  "hits"
+    t.string   "last_http_referer"
+    t.string   "last_request_uri"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  add_index "remote_requests", ["remote_host_id"], :name => "index_remote_requests_on_remote_host_id"
+  add_index "remote_requests", ["requestable_type", "requestable_id"], :name => "index_remote_requests_on_requestable"
+
+== helper for active-scaffold
+
+  def remote_requests_column(record)
+    str = '<ul>'
+    str << record.remote_requests.map { |x| content_tag :li, x.to_label }.join
+    str << '</ul>'
+    str
+  end
+
+== remote hosts controller with active-scaffold
+
+  class RemoteHostsController < ApplicationController
+    allow_access :admin
+    layout 'admin'
+    helper :remote_hosts
+    active_scaffold :remote_host do |config|
+      config.list.per_page = 100
+      config.actions.exclude :search, :create, :update, :delete
+      config.columns.add :remote_requests_count
+      config.columns[:remote_requests_count].sort_by :sql => "(SELECT COUNT(remote_requests.id) FROM remote_requests WHERE remote_requests.remote_host_id = remote_hosts.id)"
+      config.columns.add :last_remote_request_at
+      config.columns[:last_remote_request_at].sort_by :sql => "(SELECT MAX(remote_requests.updated_at) FROM remote_requests WHERE remote_requests.remote_host_id = remote_hosts.id)"
+      config.list.columns = %w{
+        hostname
+        ip_address
+        country_code
+        state_name
+        city
+        remote_requests_count
+        last_remote_request_at
+      }
+    end
+  end
+
+== Copyright
+
+Copyright (c) 2010 Seamus Abshere. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,54 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "honeypot"
+    gem.summary = %Q{Track remote requests to catch fraud.}
+    gem.description = %Q{Catch bad guys when they stick their hands in the honey.}
+    gem.email = "seamus@abshere.net"
+    gem.homepage = "http://github.com/seamusabshere/honeypot"
+    gem.authors = ["Seamus Abshere"]
+    gem.add_dependency 'fast_timestamp', '0.0.4'
+    gem.add_dependency 'geokit', '1.5.0'
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "honeypot #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/honeypot.gemspec

@@ -0,0 +1,60 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{honeypot}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Seamus Abshere"]
+  s.date = %q{2010-02-02}
+  s.description = %q{Catch bad guys when they stick their hands in the honey.}
+  s.email = %q{seamus@abshere.net}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "honeypot.gemspec",
+     "lib/honeypot.rb",
+     "lib/remote_host.rb",
+     "lib/remote_request.rb",
+     "lib/remote_request_logger.rb",
+     "test/helper.rb",
+     "test/test_honeypot.rb"
+  ]
+  s.homepage = %q{http://github.com/seamusabshere/honeypot}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Track remote requests to catch fraud.}
+  s.test_files = [
+    "test/helper.rb",
+     "test/test_honeypot.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<fast_timestamp>, ["= 0.0.4"])
+      s.add_runtime_dependency(%q<geokit>, ["= 1.5.0"])
+    else
+      s.add_dependency(%q<fast_timestamp>, ["= 0.0.4"])
+      s.add_dependency(%q<geokit>, ["= 1.5.0"])
+    end
+  else
+    s.add_dependency(%q<fast_timestamp>, ["= 0.0.4"])
+    s.add_dependency(%q<geokit>, ["= 1.5.0"])
+  end
+end
+

data/lib/honeypot.rb

@@ -0,0 +1,4 @@
+# auto-loaded by rails
+# require 'remote_host'
+# require 'remote_request'
+# require 'remote_request_logger'

data/lib/remote_host.rb

@@ -0,0 +1,74 @@
+class RemoteHost < ActiveRecord::Base
+  has_many :remote_requests, :dependent => :destroy
+
+  # start active-scaffold interface
+  def remote_requests_count
+    remote_requests.count
+  end
+  def last_remote_request_at
+    remote_requests.calculate :max, :updated_at
+  end
+  # end active-scaffold interface
+
+  include FastTimestamp
+
+  def lookup_hostname
+    result = Resolv.getname ip_address
+    if result.present?
+      update_attribute :hostname, result
+      untimestamp! :failed_to_lookup_hostname
+    else
+      timestamp! :failed_to_lookup_hostname
+    end
+  rescue # Resolv::ResolvError
+    timestamp! :failed_to_lookup_hostname
+  end
+  
+  def geolocate
+    location = Geokit::Geocoders::MultiGeocoder.geocode ip_address
+    
+    # take what we can get
+    if location.success
+      self.latitude = location.lat if location.lat.present?
+      self.longitude = location.lng if location.lng.present?
+      self.country_code = location.country_code if location.country_code.present?
+      # state -> state_name
+      self.state_name = location.state if location.state.present?
+      self.city = location.city if location.city.present?
+      save!
+    end
+    
+    # but only call it a success if we get latitude
+    # this way if we don't, it will check again in 5 days
+    if location.success and location.latitude.present?
+      untimestamp! :failed_to_geolocate
+    else
+      timestamp! :failed_to_geolocate
+    end
+  rescue
+    timestamp! :failed_to_geolocate
+  end
+
+  def delayed_lookup_hostname
+    if (rand(20) == 1 or hostname.blank?) and (
+         !timestamped?(:failed_to_lookup_hostname) or
+         timestamp_for(:failed_to_lookup_hostname) < 5.days.ago
+       )
+      defined?(Delayed::Job) ? send_later(:lookup_hostname) : lookup_hostname
+    end
+    true
+  end
+
+  def delayed_geolocate
+    if (rand(20) == 1 or latitude.blank?) and (
+         !timestamped?(:failed_to_geolocate) or
+         timestamp_for(:failed_to_geolocate) < 5.days.ago
+       )
+      defined?(Delayed::Job) ? send_later(:geolocate) : geolocate
+    end
+    true
+  end
+
+  after_save :delayed_lookup_hostname
+  after_save :delayed_geolocate
+end

data/lib/remote_request.rb

@@ -0,0 +1,6 @@
+class RemoteRequest < ActiveRecord::Base
+  belongs_to :requestable, :polymorphic => :true
+  belongs_to :remote_host
+
+  delegate :to_label, :to => :requestable
+end

data/lib/remote_request_logger.rb

@@ -0,0 +1,36 @@
+module RemoteRequestLogger
+  def self.included(base)
+    base.class_eval do
+      has_many :remote_requests, :as => :requestable, :dependent => :destroy
+      has_many :remote_hosts, :through => :remote_requests, :uniq => true
+    end
+  end
+  
+  def log_remote_request(session, request)
+    effective_ip_address = session[:remote_ip].present? ? session[:remote_ip] : request.remote_ip
+    x = remote_requests.find_or_create_by_remote_host_id RemoteHost.find_or_create_by_ip_address(effective_ip_address).id
+    x.last_http_referer = request.referer if request.referer.present?
+    x.last_request_uri = request.request_uri if request.request_uri.present?
+    x.increment :hits
+    x.save!
+    true
+  end
+  
+  def related_requestables(seen_remote_host_ids = [])
+    set = Set.new
+    conditions = seen_remote_host_ids.present? ? [ "remote_hosts.id NOT IN (?)", seen_remote_host_ids ] : nil
+    remote_hosts.scoped(:conditions => conditions).find_in_batches do |batch|
+      batch.each do |remote_host|
+        seen_remote_host_ids << remote_host.id
+        remote_host.remote_requests.all(:include => :requestable).each do |remote_request|
+          set << remote_request.requestable
+        end
+      end
+    end
+    if respond_to?(:actor) and actor != self
+      set += actor.related_requestables(seen_remote_host_ids)
+    end
+    set.delete self
+    set
+  end
+end

data/test/helper.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'honeypot'
+
+class Test::Unit::TestCase
+end

data/test/test_honeypot.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestHoneypot < Test::Unit::TestCase
+  def test_something_for_real
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification 
+name: honeypot
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Seamus Abshere
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-02-02 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: fast_timestamp
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        version: 0.0.4
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: geokit
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        version: 1.5.0
+    version: 
+description: Catch bad guys when they stick their hands in the honey.
+email: seamus@abshere.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- honeypot.gemspec
+- lib/honeypot.rb
+- lib/remote_host.rb
+- lib/remote_request.rb
+- lib/remote_request_logger.rb
+- test/helper.rb
+- test/test_honeypot.rb
+has_rdoc: true
+homepage: http://github.com/seamusabshere/honeypot
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Track remote requests to catch fraud.
+test_files: 
+- test/helper.rb
+- test/test_honeypot.rb